TDE (Encryption) and expdp (Datapump)
Hi,
I'm testing TDE's features on an Oracle 10g R2 database. I edit the sqlnet.ora then I created a wallet on database 1 (DEV1), a table, did inserts, pumped (expdp) data and tried re-import it in another database (DEV2) which I use with DataGuard for failover, but something went wrong. So I try re-create my wallet on the first database (DEV1) by alter system set wallet close and delete it from my hard drive and drop table purge. I went trought the whole process of creating the wallet and table but when I tried expdp I got the ORA-28362 master key not found.
How could I not be able to export my data ? What can I do to do a clean deletion of the wallet and recreate it ?
Thanks for you help
Francis
Thank you,
but I already read those pages and understand them. But as I said, even though I delete and recreate the wallet, I can't get datapump to extract data with the ENCRYPTION_PASSWORD parameter. If I don't put this parameter everything is ok! but the data is not encrypted.
Similar Messages
-
Comparing performance between TDE encryption and no encryption
Hi all,
How can i check, how much database resource (%CPU, Time elapsed) increased when using TDE encryption.
Thank you!
Dan.
Edited by: Dan on Jul 10, 2011 10:13 PMThe performance implications of using TDE are going to depend on a number of factors including
- The version of Oracle
- The hardware available (in particular whether hardware acceleration is available for encryption)
- Whether you are using tablespace encryption or column-level encryption
- If you are using column-level encryption how many columns you are encrypting
- What sort of workload your system is doing.
- Where your system bottlenecks today without encryption
Without knowing those things, it's hard to narrow down the answer to somewhere between 0 and 50% which is, obviously, far too large a range to be meaningful.
On the one hand, the worst case is probably represented by this test case where you're using column-level encryption of one column of a two column table in 10.2 and doing single-row inserts and deletes. Those operations are already heavily CPU bound and, since you're using column-level encryption, the data has to be encrypted and decrypted every time it goes into or out of the SGA. If you were using tablespace-level encryption, the data would only need to be encrypted and decrypted when it is read from or written to the disk which would be far faster in for this test case. Later versions of Oracle also tend to be more efficient.
On the other hand, if you're using 11.2 with the most recent patches and you've got hardware acceleration, Oracle is happy to trumpet the [urlhttp://www.oracle.com/technetwork/database/options/advanced-security/index-099011.html]near-zero performance impact of TDE.
Most people live somewhere between these two extremes but it's hard to guess where your particular application falls. I would guess that most people would see something like a 10-15% increase in CPU consumption but that's just a wild guess based on a relatively small sample of systems.
Justin -
How to create and TDE encrypt a sql instance and db?
I'm looking for a step by step how to. Sorry if this is an overly broad question.
Creating a new instance shouldn't be much of a problem. Run the sql install, create a new instance with a new name.
I'm no dba, have zero experience with encryption, so... is TDE applied after the instance is created? Would I backup/restore a db to the new instance before or after applying TDE? Is TDE "applied", and how?
HALP
Thanks,
Scott... is TDE applied after the instance is created?
Hello Scott,
We define TDE = Transparent Data Encryption on database Level, not on instance Level. And you need the Enterprise Edition to use TDE.
Olaf Helper
[ Blog] [ Xing] [ MVP] -
Dear DBAs,
Is there a way to encrypt a backup dump using expdp in oracle10g ??
Actually the tables are not encrypted and i only want to encrypt the backup dump.
thanks in advance for your helpDataPump is not a backup. If you want a backup. And you want encryption. Use the correct tool: RMAN.
But just to answer your question a demo of export encryption can be found here:
http://www.psoug.org/reference/datapump.html
The fact that this demo exists should not be taken as an indication that encryption does not require additional licensing: It may. Check with your Oracle sales rep. -
Check the status expdp datapump job
All,
I have started expdp (datapump) on size of 250GB schema.I want to know when the job will be completed.
I tried to find from views dba_datapump_sessions and v$session_longops,v$session.But but all in vain.
Is it possible to find completion time of expdp job?
Your help is really appreciated.Hi,
Have you started the Job in "Interactie mode".. ??
If yes then you can get the status of Exectuion with "STATUS"- defauly is zero (If you setting to not null value then based on that it will show the status - seconds)
Second, thing check "dba_datapump_jobs"
- Pavan Kumar N -
Can RMAN backup and export datapump executed at the same time?
Hello,
I have several databases that I backup using RMAN and export datapump everynight starting at 6PM and end at Midnight. The backup maintenance window doesn't give me enough time for each database to run at different time. I am using crontab to schedule my backups. Since I have so many databases that need to be backed up between 6PM - Midnight, some of the export and RMAN backup scripts will execute almost at the same time. My question is can my export data pump and RMAN backup scripts run at the same time?
Thank you in advance.
JohnNeeds must. If you don't run expdp parallel then it doesn't use that much. If it was really killing the system then look into setting up a Resource plan that knocks that user down but this is a big step.
I woud better look into using Rman
system incrementals, and block change tracking, to minimize your RMAN time.
Regards
If your shop needs to do both simultaneously then go for it.
Chris.
PS : One of my shops has maybe 20-30 rmans and pumps all kicking off some simultaneous, some not, from 0000 to 0130. No complaints from users and no problems either. Go for it.
Edited by: Chris Slattery on Nov 25, 2012 11:19 PM -
I have been using oracle export/import as well as datapump export/import on a regular basis in building our database environments. I noticed the difference between the normal export and the datapump export.
Export(exp) has the compress=Y/N option whereas i didnt see the option in Datapump.
I was looking at the Documentation and found that
http://download.oracle.com/docs/cd/B14117_01/server.101/b10825/dp_export.htm#i1005864
"A parameter comparable to COMPRESS is not needed. " --This is what described in the documentation.
Does Datapump export does automatic compresssion?
I have tried exporting a table(size-14G) from our Database with "norows" option using normal export and tried Datapump export using Metadata_only option and generated the Sql for the metadata definitions.
The script from the normal export shows the initial extent size of 2g whereas SQLfile from the datapump import shows 260M.
Now,which is the best approach for creating objects while Data movement across Databases.
Please clarify.using compress=y in export means:
exp determines the total size of the segment, uses that as the size of the new initial extent, and sets the next extent to 10 percent of the initial extent.
It is a remnant from the V6 days when there were only dictionary managed tablespaces, and many DBAs (including yours truly) where micromanaging table size and free space size.
That said, even Oracle admits it was not their brightest moment, and you shouldn't use it, ever.
Obviously introducing expdp, in a LMT world, was the moment to get rid of it.
Sybrand Bakker
Senior Oracle DBA -
About TDE encryption feature of oracle
Hi All,
I am facing problems while checking this feature of Encryption,
I created in database1, table1 with user1, coulum1 in the table1 was with encrypt keyword as follows.
create table table1(ID number(3), PHONE number(11) encrypt);
Inserted some rows and selected those rows, it shows them successfully, Ideally it should show the actual data for user1.
gave the select permission to user2 from user1 for table1 as follows:
grant select on table1 to user2;
Now logged in with user2 to same database1.
now when I query the database for table1 as follows:
select * from database1.table1;
It shows all the rows successfully, Ideally it should NOT show the actual data for user2.
Can someone please tell me the solution or explain me the procedure to test it properly.
Thanks in advance,
Nikhil Joshi.TDE encrypts data when it is on disk "at rest". If a user has SELECT access to the data in question, TDE will transparently (hence the T) decrypt the data. TDE will never present any user with encrypted data-- either the user does not have privileges to select the data in the first place or they do and TDE will decrypt it.
If you want to limit what data a particular user can access, you'd either want to do that conventionally by, for example, creating a view on the table that does not have the phone number and only granting access on that view to user2. Or, assuming you're using 11.2, you could create a VPD policy that limits what columns a particular user can see. A VPD policy would generally make sense if you wanted to allow user2 to see the phone number for some rows but not others.
Justin -
We have a database that is encrypted using TDE. We made a backup of this database and gave it to our clients who then need to restore the database to their server. How do I do this knowing TDE is enabled? I have the pvk and cer files from our server, but
not sure what the process is. can anyone help?Restoring a TDE Encrypted Database to a Different Server or Location
Restoring a database to a different SQL Instance is usually a straightforward task. However, this attempt will return an error as shown below for an encrypted database when restoring into a different instance.
USE [master]
RESTORE DATABASE [TDE_restore] FROM
DISK = N'C:\Backup\TDE_Enabled.bak'
WITH FILE = 1, NOUNLOAD, REPLACE, STATS = 5
Output:
Msg 33111, Level 16, State 3, Line 2
Cannot find server certificate with thumbprint..
Msg 3013, Level 16, State 3, Line 2
RESTORE DATABASE is terminating abnormally
To restore successfully, we will need to physically copy the certificate (.cer) and private key (.pvk) to the destination server. As a best practice, we should immediately back up the certificate and the private key when we enable TDE. However, we can still
take backup the certificate and private key now in the source server as shown below if not done earlier.
USE master;
GO
BACKUP CERTIFICATE TDECert1
TO FILE = 'E:\Backup\certificate_TDE_Test_Certificate.cer'
WITH PRIVATE KEY
(FILE = 'E:\Backup\certificate_TDE_Test_Key.pvk',
ENCRYPTION BY PASSWORD = 'Password12#')
Create a Master Key in destination server.
The password provided here is different from the one we used in the source server since we are creating a new master key for this server.
USE master
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'D1ffPa$$w0rd'
After a master key has been created, create a certificate by importing the certificate we created earlier. Here the ‘Decryption By Password’ parameter is same as that provided to export the certificate to a file.
CREATE CERTIFICATE TDECert2
FROM FILE = 'E:\cert_Backups\ certificate_TDE_Test_Certificate.cer'
WITH PRIVATE KEY (FILE = 'E:\cert_Backups\certificate_TDE_Test_Key.pvk',
DECRYPTION BY PASSWORD = 'Password12#')
Restore Database in destination server
We will now be able to restore the encrypted database backup successfully.
USE [master]
RESTORE DATABASE [TDE_Test] FROM DISK = N'F:\Backup\TDE_Test_withtde.bak'
WITH FILE = 1, NOUNLOAD, REPLACE, STATS = 5
Raju Rasagounder Sr MSSQL DBA -
Expdp(datapump) or exp(orignal export).
Hi
i do not have xmltype in my tables or views but in stored proc i do have for processing xml.
so should i use expdp(datapump) or exp(orignal export).
yours sincerely
Edited by: 944768 on Apr 1, 2013 4:53 AMxml ... ?That one I have no idea. Try it and see. Test and verity your result. Know what to expect, and don't be surprised if you ... find something you were not expecting.
connected to a schemaOne does not connect to a schema, connections are opened to a database instance. A schema is a collection of database objects.
entry form but no body is using it ...That is an entirely different subject, try a google with the search terms rdbms acid test.
In oracle, the only session (connection) that can "see" updates is the updating session. No other session may sees those changes until the transaction is committed to the database. Until the commit, all other connections see the "before" value.
Queries that begin before other transactions commit see the before values, oracle keeps the old value in undo. So an export will "see" the values committed as of the time the export begins. -
Where are my photos on the PC after synching with an iphone? I know nobody out there is stupid enough to suggest to me that they are encrypted and inaccessible, right? Seriously? How stupid would Apple corporation have to be to do something like this? That would be just as foolish as making my music unusable on the PC...
Okay, Let's assume that Apple is indeed THAT foolish.......How does one get the photos from the phone to the PC and still use them?The photos are still on your phone, and if enabled in your Photo Stream. They are not automatically transferred to your computer when syncing.
See iOS: Import personal photos and videos from iOS devices to your computer and iCloud: My Photo Stream FAQ
tt2 -
Question regarding encryption and decryption
Hi all,
I am doing a authentication project. In which I do encryption and decryption (AES 128 bit) in two different methods. At the time of encryption (for eg a text file ), I store the key in dat file (key.dat). And at the time of decryption, I read the key.dat and extract the key and do the decryption. This works fine. No problem with that.
But the problem is, that the client requires that
"No encryption keys will be written to the hard drive."
I have to store the key somewhere to decrypt the encrypted file. Right. Without storing the key, I cannot decrypt.
The question is (though its a foolish question) with out storing the key, can i encrypt and decrypt (in two different methods) the text file ?
Thank You.
Regards,
JayHi Grant,
Thanks for the reply. ( I am the one whom you helped to solve the encryption and decryption problem using AES )
I will give you an overview of my project. Its an Two Factor Authentication using an USB Flash Drive.
Admin Side : ( currently developing this part )
Through an CPP executable file ( writen by John Hyde USB By Example author), I retrive the Manufature ID, Product ID and Serial number of the USB Flash Drive from a text file which is generated when the executable file is executed.
From my Java application, i retrive the Manufature ID, Product ID and Serial number.The admin (through an dialog box ) enters an usernam and password . All this information ( Manufature ID, Product ID, Serial number , username and password ) using AES 128 bit encryption i write these information to encrypted file in the USB Flash drive along with the the encryption key used at the time of decryption.
User Side: ( not yet devleoped )
When the user plugs in the USB Flash drive, an dialog box is shown where the user enters the username and password ( assigned earlier by the admin). This username and password is checked along with the Manufature ID, Product ID and Serial number encrypted earlier and stored in the USB Flash drive. If username password ,Manufature ID, Product ID and Serial number (retrieved again by exectuing the CPP excutable file ) are correct the user is granted access.
Whats your suggestion reagrading of storing the encryption key? I have to store the key in the USB Flash drive along with the encrypted file. But then wont an intruder (for eg ) if he gets the key and decrypt the file ?
Client has mentioned to use AES 128 Bit encryption.
Thank You.
Regards,
Jay. -
Problem in using socket streams with encryption and decryption
Hi,
I am developing a client/server program with encryption and decryption at both end. While sending a message from client it should be encrypted and at the receiving end(server) it should be decrypted and vice versa.
But while doing so i got a problem if i use both encryption and decryption at both ends. But If i use only encryption at one (only outputstream) and decryption at other end(only inputstream) there is no problem.
Here is client/server pair of programs in which i am encrypting the outputstream of the socket in client side and decrypting the inputstream of the socket in server side.
serverSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;
class serverSocketDemo
public static void main(String args[])
try
{ //server listening on port 2000
ServerSocket server=new ServerSocket(2000);
while (true)
Socket theConnection=server.accept();
System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
System.out.println("Connection request from : "+theConnection.getInetAddress());
//Input starts from here
Reader in=new InputStreamReader(getNetInStream(theConnection.getInputStream()),"ASCII");
StringBuffer strbuf=new StringBuffer();
int c;
while (true)
c=in.read();
if(c=='\n' || c==-1)
break;
strbuf.append((char)c);
String str=strbuf.toString();
System.out.println("Message from Client : "+str);
in.close();
theConnection.close();
catch(BindException e)
System.out.println("The Port is in use or u have no privilage on this port");
catch(ConnectException e)
System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
catch(IOException e)
System.out.println("Connection disconnected");
catch(Exception e)
public static BufferedInputStream getNetInStream(InputStream in) throws Exception
// register the provider that implements the algorithm
Provider sunJce = new com.sun.crypto.provider.SunJCE( );
Security.addProvider(sunJce);
// create a key
byte[] desKeyDataDec = "This encryption can not be decrypted".getBytes();
DESKeySpec desKeySpecDec = new DESKeySpec(desKeyDataDec);
SecretKeyFactory keyFactoryDec = SecretKeyFactory.getInstance("DES");
SecretKey desKeyDec = keyFactoryDec.generateSecret(desKeySpecDec);
// use Data Encryption Standard
Cipher desDec = Cipher.getInstance("DES");
desDec.init(Cipher.DECRYPT_MODE, desKeyDec);
CipherInputStream cin = new CipherInputStream(in, desDec);
BufferedInputStream bin=new BufferedInputStream(new GZIPInputStream(cin));
return bin;
clientSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;
class clientSocketDemo
public static void main(String args[])
try
Socket theConnection=new Socket("localhost",2000);
System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
System.out.println("Connecting to : "+theConnection.getInetAddress());
//Output starts from here
OutputStream out=getNetOutStream(theConnection.getOutputStream());
out.write("Please Welcome me\n".getBytes());
out.flush();
out.close();
theConnection.close();
catch(BindException e)
System.out.println("The Port is in use or u have no privilage on this port");
catch(ConnectException e)
System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
catch(IOException e)
System.out.println("Connection disconnected");
catch(Exception e)
public static OutputStream getNetOutStream(OutputStream out) throws Exception
// register the provider that implements the algorithm
Provider sunJce = new com.sun.crypto.provider.SunJCE( );
Security.addProvider(sunJce);
// create a key
byte[] desKeyDataEnc = "This encryption can not be decrypted".getBytes();
DESKeySpec desKeySpecEnc = new DESKeySpec(desKeyDataEnc);
SecretKeyFactory keyFactoryEnc = SecretKeyFactory.getInstance("DES");
SecretKey desKeyEnc = keyFactoryEnc.generateSecret(desKeySpecEnc);
// use Data Encryption Standard
Cipher desEnc = Cipher.getInstance("DES");
desEnc.init(Cipher.ENCRYPT_MODE, desKeyEnc);
CipherOutputStream cout = new CipherOutputStream(out, desEnc);
OutputStream outstream=new BufferedOutputStream(new GZIPOutputStream(cout));
return outstream;
Here is client/server pair in which i use both encrypting outpustream and decrypting inputstream at both ends.
serverSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;
class serverSocketDemo
private Cipher desEnc,desDec;
serverSocketDemo()
try
// register the provider that implements the algorithm
Provider sunJce = new com.sun.crypto.provider.SunJCE( );
Security.addProvider(sunJce);
// create a key
byte[] desKeyData = "This encryption can not be decrypted".getBytes();
DESKeySpec desKeySpec = new DESKeySpec(desKeyData);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey desKey = keyFactory.generateSecret(desKeySpec);
desEnc = Cipher.getInstance("DES");
desEnc.init(Cipher.ENCRYPT_MODE, desKey);
desDec = Cipher.getInstance("DES");
desDec.init(Cipher.DECRYPT_MODE, desKey);
catch (javax.crypto.NoSuchPaddingException e)
System.out.println(e);
catch (java.security.NoSuchAlgorithmException e)
System.out.println(e);
catch (java.security.InvalidKeyException e)
System.out.println(e);
catch(Exception e)
System.out.println(e);
startProcess();
public void startProcess()
try
ServerSocket server=new ServerSocket(2000);
while (true)
final Socket theConnection=server.accept();
System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
System.out.println("Connection request from : "+theConnection.getInetAddress());
Thread input=new Thread()
public void run()
try
//Input starts from here
Reader in=new InputStreamReader(new BufferedInputStream(new CipherInputStream(theConnection.getInputStream(), desDec)),"ASCII");
StringBuffer strbuf=new StringBuffer();
int c;
while (true)
c=in.read();
if(c=='\n'|| c==-1)
break;
strbuf.append((char)c);
String str=strbuf.toString();
System.out.println("Message from Client : "+str);
catch(Exception e)
System.out.println("Error caught inside input Thread : "+e);
input.start();
Thread output=new Thread()
public void run()
try
//Output starts from here
OutputStream out=new BufferedOutputStream(new CipherOutputStream(theConnection.getOutputStream(), desEnc));
System.out.println("it will not be printed");
out.write("You are Welcome\n".getBytes());
out.flush();
catch(Exception e)
System.out.println("Error caught inside output Thread : "+e);
output.start();
try
output.join();
input.join();
catch(Exception e)
theConnection.close();
catch(BindException e)
System.out.println("The Port is in use or u have no privilage on this port");
catch(ConnectException e)
System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
catch(IOException e)
System.out.println("Connection disconnected");
catch(Exception e)
public static void main(String args[])
serverSocketDemo server=new serverSocketDemo();
clientSocketDemo.java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
import java.util.zip.*;
class clientSocketDemo
private Cipher desEnc,desDec;
clientSocketDemo()
try
// register the provider that implements the algorithm
Provider sunJce = new com.sun.crypto.provider.SunJCE( );
Security.addProvider(sunJce);
// create a key
byte[] desKeyData = "This encryption can not be decrypted".getBytes();
DESKeySpec desKeySpec = new DESKeySpec(desKeyData);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey desKey = keyFactory.generateSecret(desKeySpec);
desEnc = Cipher.getInstance("DES");
desDec = Cipher.getInstance("DES");
desEnc.init(Cipher.ENCRYPT_MODE, desKey);
desDec.init(Cipher.DECRYPT_MODE, desKey);
catch (javax.crypto.NoSuchPaddingException e)
System.out.println(e);
catch (java.security.NoSuchAlgorithmException e)
System.out.println(e);
catch (java.security.InvalidKeyException e)
System.out.println(e);
catch(Exception e)
System.out.println(e);
startProcess();
public void startProcess()
try
final Socket theConnection=new Socket("localhost",2000);
System.out.println("Connecting from local address : "+theConnection.getLocalAddress());
System.out.println("Connecting to : "+theConnection.getInetAddress());
Thread output=new Thread()
public void run()
try
//Output starts from here
OutputStream out=new BufferedOutputStream(new CipherOutputStream(theConnection.getOutputStream(), desEnc));
out.write("Please Welcome me\n".getBytes());
out.flush();
catch(Exception e)
System.out.println("Error caught inside output thread : "+e);
output.start();
Thread input=new Thread()
public void run()
try
//Input starts from here
Reader in=new InputStreamReader(new BufferedInputStream(new CipherInputStream(theConnection.getInputStream(), desDec)),"ASCII");
System.out.println("it will not be printed");
StringBuffer strbuf=new StringBuffer();
int c;
while (true)
c=in.read();
if(c=='\n' || c==-1)
break;
strbuf.append((char)c);
String str=strbuf.toString();
System.out.println("Message from Server : "+str);
catch(Exception e)
System.out.println("Error caught inside input Thread : "+e);
input.start();
try
output.join();
input.join();
catch(Exception e)
theConnection.close();
catch(BindException e)
System.out.println("The Port is in use or u have no privilage on this port");
catch(ConnectException e)
System.out.println("Connection is refused at remote host because the host is busy or no process is listening on that port");
catch(IOException e)
System.out.println("Connection disconnected");
catch(Exception e)
public static void main(String args[])
clientSocketDemo client=new clientSocketDemo();
**** I know that the CInput tries to read some header stuff thats why i used two threads for input and output.
Waiting for the reply.
Thank you.Do not ever post your code unless requested to. It is very annoying.
Try testing what key is being used. Just to test this out, build a copy of your program and loop the input and outputs together. Have them print the data stream onto the screen or a text file. Compare the 1st Output and the 2nd Output and the 1st Input with the 2nd Input and then do a static test of the chipher with sample data (same data which was outputted), then do another cipher test with the ciphertext created by the first test.
Everything should match - if it does not then follow the steps below.
Case 1: IO Loops do not match
Case 2: IO Loops match, but ciphertext 1st run does not match loop
Case 3: IO Loops match, 1st ciphertext 1st run matches, but 2nd run does not
Case 4: IO Loops match, both chiphertext runs do not match anything
Case 5: Ciphertext runs do not match eachother when decrypted correctly (outside of the test program)
Problems associated with the cases above:
Case 1: Private Key is changing on either side (likely the sender - output channel)
Case 2: Public Key is changing on either side (likely the sender - output channel)
Case 3: Private Key changed on receiver - input channel
Case 4: PKI failure, causing private key and public key mismatch only after a good combination was used
Case 5: Same as Case 4 -
Database connection encryption and integrity with ColdFusion and Oracle thin client
As ColdFusion datasource we are using the Oracle thin client to connect with the database. So, basically we are using a JDBC URL such as jdbc:oracle:thin:@... and as Driver Class oracle.jdbc.OracleDriver. This works successfully however we would like to set encryption and integrity parameters as well. In Java this is done similarly by setting a Properties object prior to getting a connection as follows:
Properties prop = new Properties();
prop.put("oracle.net.encryption_client", "REQUIRED");
prop.put("oracle.net.encryption_types_client", "( DES40 )");
prop.put("oracle.net.crypto_checksum_client", "REQUESTED");
prop.put("oracle.net.crypto_checksum_types_client", "( MD5 )");
OracleDataSource ods = new OracleDataSource();
ods.setProperties(prop);
ods.setURL("jdbc:oracle:thin:@localhost:1521:main");
Connection conn = ods.getConnection();
Is there a way that I can pass these parameters to the ColdFusion datasource. Ideally, I would love to do this centrally in such way that a change to all the cfquery or cfstoredproc is not needed.
I also know that in application servers such as Oracle AS there is an option when creating a datasource which says "Add Properties". In there you can add such properties. So, I was thinking of maybe creating a JNDI DS in the app. server and then magically connecting to it but this may have some impacts on the app.
Besides this I was also thinking of communicating with the CF datasource through the CF admin API (cfide.adminapi.administrator) and also the option of extending the Oracle driver so that when CF connects with it these params are already set.
I would love to have your professional opinion and suggestions on this.I believe the thin driver actually needs the IP address (not the DNS name). Also, is "java" the name of the Oracle instance to which you are trying to connect?
Try the following:String driver = "jdbc:oracle:thin";
String dbIP = "W2RZ1NXG01's IP address";
String dbPort = "1530";
String dbSid = "java";
String dbUser = "Admin";
String dbPswd = "apassword";
String cnctStr = driver + ":@" + dbIP + ":" + port + ":" + dbSid;
try
Class.forName("oracle.jdbc.driver.OracleDriver");
con = DriverManager.getConnection( cnctStr, dbUser, dbPswd );
stmt = con.createStatement();
stmt.executeUpdate(createString);
stmt.close();
con.close();
catch(SQLException ex)
System.err.println( "The following SQLException occurred: " + ex );
System.err.println( "Message: " + ex.getMessage() ); -
How do I open a password protected excel file created on a PC in numbers 09, on a MacBook Air? I get a message that the "file is encrypted and can't be opened"
This is actually not true; I support users who are doing this w/ Excel 2011 (v14.2.2+) for Mac and Windows users w/ Excel 2003 & 2007. Win users are from finance dept, and who have pasword-protected various budget files. The Mac users are (surprise) "creative" users, who enter pw to unlock and edit these budget files.
These files are shared from a Mac server (running 10.6.8 server), and I do have an erratic problem where all users have read-only access to these pw-protected Excel files. The manual work-around has been to copy the troublesome file(s) and confirm users have full access again. I also do a shuffling of filenames, so that the new, working file has original file name.
FYI: the Mac server POSIX and ACL permissions are correct, and don't appear to be source of the problem.
It's easy an SMB file-locking issue or concurrent users trying to edit these files. I keep reminding them that Excel is not a database!
Maybe you are looking for
-
Cant seem to play movies any longer, anyone know when an updated or beta app will come out?
-
Application Insights for load testing in VS 2013, Azure Preview or Visual Studio Online?
I'm trying to get some clarification on which version of application insights to use to get performance counters from application insights for my azure cloud service for load and performance testing purposes. So far, its not be clear what the differ
-
Hello I am new here and have a question. I am buying a 24" iMac to use Logic on when a friend suggested two monitors. Can't I just open up two different windows instead? Also room is a consideration. If I have to buy another monitor, I buy go to a 20
-
Insert HD Movie in PDF on Mavericks
Hi, I can insert a video or HD movie in Pages and a PDF. The clips play in Pages but does not in the PDF. Previously, there was a tab under "Tools" where we could insert a movie in a PDF and play it. This feature is no longer supported in Mavericks.
-
Photo gallery show the exif information
Hi Is it possible to show any information in every photos i upload to iWEB when people click on my photos. Thanks kpo